If you use any currently standard protocol such as wireguard, openvpn, IPSEC with Suite-B ciphers you are getting 'enhanced-privacy'* from eavesdroppers on your local network, which eliminates alot of low-tier/easy MiTM attacks.
A two-layer/double tunnel is pretty-good for mitigating against most commercial data collection by eavesdroppers. (Though your tunnel-exit/last-VPN-hop, (varying by client-destination protocol), and the destination IPs/sites will still be able to collect data of course).
*Consider privacy a vector. Suite-B ciphers are not perfect, letalone their freely-available implementations.
If you use any currently standard protocol such as wireguard, openvpn, IPSEC with Suite-B ciphers you are getting 'enhanced-privacy'* from eavesdroppers on your local network, which eliminates alot of low-tier/easy MiTM attacks.
A two-layer/double tunnel is pretty-good for mitigating against most commercial data collection by eavesdroppers. (Though your tunnel-exit/last-VPN-hop, (varying by client-destination protocol), and the destination IPs/sites will still be able to collect data of course).
*Consider privacy a vector. Suite-B ciphers are not perfect, letalone their freely-available implementations.